CWE-78: OS Command Injection

This CVE describes an OS command injection vulnerability in Fortinet FortiWLM wireless LAN management systems. Attackers can execute arbitrary command...

This CVE describes an OS command injection vulnerability in Fortinet FortiWLM that allows attackers to execute arbitrary commands on affected systems....

This CVE describes an OS command injection vulnerability in Fortinet FortiWLM wireless LAN management systems. Attackers can execute arbitrary command...

CVE-2023-36618 allows authenticated low-privileged users to execute arbitrary operating system commands with root privileges on Atos Unify OpenScape S...

This vulnerability allows authenticated attackers on ASUS RT-AX55 routers to execute arbitrary operating system commands by injecting malicious input ...

This vulnerability allows a network-adjacent unauthenticated attacker to execute arbitrary operating system commands on affected Archer A10 routers. A...

This CVE describes an OS command injection vulnerability in ELECOM wireless routers that allows authenticated attackers to execute arbitrary operating...

This CVE describes a command injection vulnerability in TN-5900 Series firmware that allows remote code execution. Attackers can exploit insufficient ...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on Zyxel NBG6604 routers by sending specially crafted...

This SQL injection vulnerability in ScienceLogic SL1's message viewer print feature allows attackers to execute arbitrary SQL commands by injecting ma...

This SQL injection vulnerability in ScienceLogic SL1's logging export feature allows attackers to execute arbitrary SQL commands against the database ...

This SQL injection vulnerability in ScienceLogic SL1 allows attackers to execute arbitrary SQL commands through the vendor_country parameter in the ve...

This SQL injection vulnerability in ScienceLogic SL1's ticket watchers email feature allows attackers to execute arbitrary SQL commands by injecting m...

This SQL injection vulnerability in ScienceLogic SL1's ticket queue watchers feature allows attackers to execute arbitrary SQL commands against the da...

This SQL injection vulnerability in ScienceLogic SL1 allows attackers to execute arbitrary SQL commands through the 'reporter events type date' featur...

This SQL injection vulnerability in ScienceLogic SL1's notes view feature allows attackers to execute arbitrary SQL commands by injecting malicious in...

This SQL injection vulnerability in ScienceLogic SL1's schedule editor feature allows attackers to execute arbitrary SQL commands against the database...

This SQL injection vulnerability in ScienceLogic SL1 allows attackers to execute arbitrary SQL commands through the admin dynamic app mib errors featu...

This CVE describes a command injection vulnerability in ScienceLogic SL1's ticket report generation feature. Attackers can inject arbitrary commands i...

This CVE describes a command injection vulnerability in ScienceLogic SL1's report download/convert feature where unsanitized user input is passed dire...

This SQL injection vulnerability in ScienceLogic SL1's 'json walker' feature allows attackers to inject malicious SQL queries through unsanitized user...

This CVE describes a command injection vulnerability in ScienceLogic SL1's ARP ping device tool that allows attackers to execute arbitrary commands on...

This vulnerability allows authenticated remote attackers to execute arbitrary code with root privileges on PHOENIX CONTACT WP 6xxx series web panels b...

This vulnerability allows remote authenticated attackers to execute arbitrary operating system commands on ESDS Emagic Data Center Management Suite sy...

This vulnerability allows remote attackers with low-privilege access to PHOENIX CONTACT WP 6xxx series web panels to escalate privileges to full devic...

An unauthenticated LAN-based attacker can execute arbitrary OS commands on affected Zyxel network devices by sending a malicious GRE configuration whe...

An unauthenticated command injection vulnerability in the Free Time WiFi hotspot feature of Zyxel USG FLEX and VPN series firewalls allows LAN-based a...

This vulnerability allows an unauthenticated attacker on the local network to inject OS commands into the configuration data of affected Zyxel devices...

This CVE describes an OS command injection vulnerability in the Milesight UR32L router's vtysh_ubus _get_fw_logs functionality. Attackers can execute ...

This vulnerability allows remote attackers to execute arbitrary operating system commands on Maxprint Maxlink 1200G routers through the diagnostic too...

This vulnerability in mailcow allows authenticated attackers to manipulate internal Dovecot variables by using specially crafted passwords during auth...

This vulnerability allows authenticated users in Dolibarr to execute arbitrary code on the server by injecting PHP code with uppercase <?PHP tags inst...

This CVE describes an OS command injection vulnerability in SolarView Compact devices that allows remote authenticated attackers to execute arbitrary ...

This CVE describes an OS command injection vulnerability in SolarView Compact mail settings that allows authenticated remote attackers to execute arbi...

CVE-2023-24805 is a command injection vulnerability in cups-filters' Backend Error Handler (beh) that allows remote code execution. Attackers with net...

This vulnerability allows authenticated users to execute arbitrary commands on Advantech EKI-1524, EKI-1522, and EKI-1521 industrial switches by injec...

This vulnerability in IBM TS7700 Management Interface allows authenticated users to submit specially crafted URLs that can lead to privilege escalatio...

This is a post-authentication command injection vulnerability in Zyxel NBG6604 home routers. An authenticated attacker can execute arbitrary OS comman...

This vulnerability allows authenticated users to inject arbitrary operating system commands in mySCADA myPRO versions 8.26.0 and prior. Attackers with...

This vulnerability allows authenticated users in mySCADA myPRO systems to inject arbitrary operating system commands through vulnerable parameters. It...

This vulnerability allows authenticated users of mySCADA myPRO versions 8.26.0 and prior to inject arbitrary operating system commands through vulnera...

This is a post-authentication command injection vulnerability in Zyxel firewall CLI commands that allows authenticated attackers to execute arbitrary ...

CVE-2023-29804 is a command injection vulnerability in WFS-SR03 v1.0.3 that allows attackers to execute arbitrary commands on affected devices via the...

This CVE describes an OS command injection vulnerability in CONPROSYS IoT Gateway products that allows remote authenticated attackers with access to t...

This vulnerability allows attackers on the same network to execute arbitrary code on D-Link DIR-825 routers without authentication. The flaw exists in...

This vulnerability allows network-adjacent attackers to execute arbitrary code on D-Link DIR-825 routers without authentication. The flaw exists in th...

This vulnerability allows attackers on the same network to execute arbitrary code on D-Link DIR-825 routers without authentication. The flaw exists in...

This vulnerability allows attackers on the same network to execute arbitrary commands on D-Link DIR-2150 routers without authentication. The flaw exis...

This vulnerability allows authenticated attackers to execute arbitrary shell commands with root privileges on FortiWeb web application firewalls. It a...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on FortiWAN devices by injecting malicious arguments ...